OSS-fuzz #43781 - improve loop detection in pdfi_resolve_indirect

Add more and better detection of circular references when trying to
recursively turn indirect references into direct objects for the
'mark' (pdfmark in PostScript) code.

This has been a steady work in progress, there may be more cases yet.

1 files changed, 9 insertions, 1 deletions

diff --git a/pdf/pdf_doc.c b/pdf/pdf_doc.c
index 70bd4f23a..35be01846 100644
--- a/pdf/pdf_doc.c
+++ b/pdf/pdf_doc.c
@@ -1,4 +1,4 @@
-/* Copyright (C) 2020-2021 Artifex Software, Inc.
+/* Copyright (C) 2020-2022 Artifex Software, Inc.
    All Rights Reserved.
 
    This software is provided AS-IS with no warranty, either express or
@@ -1061,12 +1061,20 @@ static int pdfi_doc_PageLabels(pdf_context *ctx)
     int code;
     pdf_dict *PageLabels = NULL;
 
+    if (ctx->loop_detection)
+        code = pdfi_loop_detector_mark(ctx);
+
     code = pdfi_dict_knownget_type(ctx, ctx->Root, "PageLabels", PDF_DICT, (pdf_obj **)&PageLabels);
     if (code <= 0) {
+        if (ctx->loop_detection)
+            code = pdfi_loop_detector_cleartomark(ctx);
         /* TODO: flag a warning */
         goto exit;
     }
 
+    if (ctx->loop_detection)
+        code = pdfi_loop_detector_cleartomark(ctx);
+
     /* This will send the PageLabels object as a 'pdfpagelabels' setdeviceparams */
     code = pdfi_mark_object(ctx, (pdf_obj *)PageLabels, "pdfpagelabels");
     if (code < 0)